CCNA Security
COURSE
DURATION
PROGRAMME OVERVIEW
The CCNA Security certification lays the foundation for job roles such as Network Security Specialist, Security Administrator and Network Security Support Engineer.
PREREQUISITES
A valid CCENT or a valid CCNA Routing and Switching or any CCIE certification can act as a prerequisite.
TARGET STUDENT
For individuals wishing to obtain their CCNP Security certification.
Course Content:
210-260: Implementing Cisco Network Security Exam
1.0 Security Concepts
1.1 Common security principles
- 1.a Describe confidentiality, integrity, availability (CIA)
- 1.b Describe SIEM technology
- 1.c Identify common security terms
- 1.d Identify common network security zones
1.2 Common security threats
- 2.a Identify common network attacks
- 2.b Describe social engineering
- 2.c Identify malware
- 2.d Classify the vectors of data loss/exfiltration
1.3 Cryptography concepts
- 3.a Describe key exchange
- 3.b Describe hash algorithm
- 3.c Compare and contrast symmetric and asymmetric encryption
- 3.d Describe digital signatures, certificates, and PKI
1.4 Describe network topologies
- 4.a Campus area network (CAN)
- 4.b Cloud, wide area network (WAN)
- 4.c Data center
- 4.d Small office/home office (SOHO)
- 4.e Network security for a virtual environment
2.0 Secure Access
2.1 Secure management
- 1.a Compare in-band and out-of-band
- 1.b Configure secure network management
- 1.c Configure and verify secure access through SNMP v3 using an ACL
- 1.d Configure and verify security for NTP
- 1.e Use SCP for file transfer
2.2 AAA concepts
- 2.a Describe RADIUS and TACACS+ technologies
- 2.b Configure administrative access on a Cisco router using TACACS+
- 2.c Verify connectivity on a Cisco router to a TACACS+ server
- 2.d Explain the integration of Active Directory with AAA
- 2.e Describe authentication and authorization using ACS and ISE
2.3 802.1X authentication
- 3.a Identify the functions of 802.1X components
2.4 BYOD
- 4.a Describe the BYOD architecture framework
- 4.b Describe the function of mobile device management (MDM)
3.0 VPN
3.1 VPN concepts
- 1.a Describe IPsec protocols and delivery modes (IKE, ESP, AH, tunnel mode, transport mode)
- 1.b Describe hairpinning, split tunneling, always-on, NAT traversal
3.2 Remote access VPN
- 2.a Implement basic clientless SSL VPN using ASDM
- 2.b Verify clientless connection
- 2.c Implement basic AnyConnect SSL VPN using ASDM
- 2.d Verify AnyConnect connection
- 2.e Identify endpoint posture assessment
3.3 Site-to-site VPN
- 3.a Implement an IPsec site-to-site VPN with pre-shared key authentication on Cisco routers and ASA firewalls
- 3.b Verify an IPsec site-to-site VPN
4.0 Secure Routing and Switching
4.1 Security on Cisco routers
- 1.a Configure multiple privilege levels
- 1.b Configure Cisco IOS role-based CLI access
- 1.c Implement Cisco IOS resilient configuration
4.2 Securing routing protocols
- 2.a Implement routing update authentication on OSPF
4.3 Securing the control plane
- 3.a Explain the function of control plane policing
4.4 Common Layer 2 attacks
- 4.a Describe STP attacks
- 4.b Describe ARP spoofing
- 4.c Describe MAC spoofing
- 4.d Describe CAM table (MAC address table) overflows
- 4.e Describe CDP/LLDP reconnaissance
- 4.f Describe VLAN hopping
- 4.g Describe DHCP spoofing
4.5 Mitigation procedures
- 5.a Implement DHCP snooping
- 5.b Implement Dynamic ARP Inspection
- 5.c Implement port security
- 5.d Describe BPDU guard, root guard, loop guard
- 5.e Verify mitigation procedures
4.6 VLAN security
- 6.a Describe the security implications of a PVLAN
- 6.b Describe the security implications of a native VLAN
5.0 Cisco Firewall Technologies
5.1 Describe operational strengths and weaknesses of the different firewall technologies
- 1.a Proxy firewalls
- 1.b Application firewall
- 1.c Personal firewall
5.2 Compare stateful vs. stateless firewalls
- 2.a Operations
- 2.b Function of the state table
5.3 Implement NAT on Cisco ASA 9.x
- 3.a Static
- 3.b Dynamic
- 3.c PAT
- 3.d Policy NAT
- 3.e Verify NAT operations
5.4 Implement zone-based firewall
- 4.a Zone to zone
- 4.b Self zone
5.5 Firewall features on the Cisco Adaptive Security Appliance (ASA) 9.x
- 5.a Configure ASA access management
- 5.b Configure security access policies
- 5.c Configure Cisco ASA interface security levels
- 5.d Configure default Cisco Modular Policy Framework (MPF)
- 5.e Describe modes of deployment (routed firewall, transparent firewall)
- 5.f Describe methods of implementing high availability
- 5.g Describe security contexts
- 5.h Describe firewall services
6.0 IPS
6.1 Describe IPS deployment considerations
- 1.a Network-based IPS vs. host-based IPS
- 1.b Modes of deployment (inline, promiscuous – SPAN, tap)
- 1.c Placement (positioning of the IPS within the network)
- 1.d False positives, false negatives, true positives, true negatives
6.2 Describe IPS technologies
- 2.a Rules/signatures
- 2.b Detection/signature engines
- 2.c Trigger actions/responses (drop, reset, block, alert, monitor/log, shun)
- 2.d Blacklist (static and dynamic)
7.0 Content and Endpoint Security
7.1 Describe mitigation technology for email-based threats
- 1.a SPAM filtering, anti-malware filtering, DLP, blacklisting, email encryption
7.2 Describe mitigation technology for web-based threats
- 2.a Local and cloud-based web proxies
- 2.b Blacklisting, URL filtering, malware scanning, URL categorization, web application filtering, TLS/SSL decryption
7.3 Describe mitigation technology for endpoint threats
- 3.a Anti-virus/anti-malware
- 3.b Personal firewall/HIPS
- 3.c Hardware/software encryption of local data
CERTIFICATION
Certificate from Polyglot Institute